
8 matches found

ATTACKERKB
added 2026/03/11 8:41 p.m., 2 views

CVE-2026-32111

ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form beta feature accepts a user-supplied haurl and makes a server-side HTTP request to haurl/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network...

CVSS 5.3, AI score 6, EPSS 0.00042
Exploits 0, References 2, Affected Software 1
CVE
added 2026/03/11 7:30 p.m., 5 views

CVE-2026-31959

CVE-2026-31959 (Quill): Quill before v0.7.1 is vulnerable to SSRF in the notarization logs retrieval flow. The client fetches a URL provided by the Apple notarization service and currently does not validate that the URL uses https or that the host is safe (not local or multicast). An attacker wh...

CVSS 5.3, AI score 5.9, EPSS 0.0002
Exploits 0, References 1, Affected Software 1
OSV
added 2026/03/11 7:30 p.m., 0 views

CVE-2026-31959 SSRF in Quill via unvalidated URL from Apple notarization log retrieval

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains a Server-Side Request Forgery (SSRF) vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple'...

CVSS 5.3, AI score 5.9, EPSS 0.0002
Exploits 0, References 3
CNNVD
added 2025/10/22 12:00 a.m., 3 views

FastGPT code issue vulnerability

FastGPT is an open source knowledge base question and answer system based on a large language model from labring open source. A code issue vulnerability exists in FastGPT versions prior to 4.11.1, which stems from an unvalidated network link in the workflow file read node and could lead to a...

CVSS 6.9, AI score 6.8, EPSS 0.00041
Exploits 0, References 2
RedHat Linux
added 2025/07/30 6:08 a.m., 2 views

kernel: cifs: potential buffer overflow in handling symlinks

A buffer overflow vulnerability has been identified in the Linux kernel's Common Internet File System (CIFS) module, specifically within the parse_mf_symlink function. This flaw is caused by insufficient input validation on the link_len value, which dictates the length of a symbolic link. An attacker...

CVSS 7.8, AI score 7.2, EPSS 0.00013
Exploits 0, References 5
SUSE CVE
added 2023/02/15 4:11 a.m., 1 view

SUSE CVE-2019-12308

An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provid...

CVSS 6.1, AI score 7.7, EPSS 0.02803
Exploits 0, References 9
OSV
added 2022/07/14 1:15 p.m., 1 view

CVE-2022-28372

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crtcfwupgrade or crtcfwimage. The URL provided is not validated, and thus allows for arbitrary file uplo...

CVSS 7.5, AI score 5.9, EPSS 0.00249
Exploits 1, References 2
CNNVD
added 2021/11/03 12:00 a.m., 3 views

grafana cross-site scripting vulnerability

Grafana is a set of open source monitoring tools from Grafana Labs that provide a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus. A cross-site scripting vulnerability exists in Grafana that stems from a failure to validate a URL,...

CVSS 6.9, AI score 7.3, EPSS 0.87697
Exploits 0, References 13